All I see from this top result is that web48 user is spawning a lot of processess. This does not mean the website is hacked it could be legit visitors, or bots trying to brute force the website. In both cases you can determine that in the logs, either access logs, or install some visitors tracking plug-in for wordpress and Wordfence Security plugin or similar to block the unwanted traffic.